burp-mcp-agents
Provides guides and helper scripts to connect a Burp Suite MCP Server to different AI backends (Codex CLI, Gemini CLI, Ollama, LM Studio), including a recommended Caddy reverse proxy setup for MCP over SSE and reusable prompt templates for analyzing real (passively observed) Burp traffic.
Score Breakdown
🔒 Security
The README emphasizes 'safety-first workflows' and passive analysis, but does not specify authentication/authorization controls for the MCP layer, nor does it document how secrets are stored or protected. If cloud backends are used, request/response content may be sent to third parties; local backends reduce that exposure. TLS/encryption requirements at the proxy layer are not explicitly documented in the provided text.
Best When
You want to review real Burp traffic with LLM assistance (passive workflows) and are comfortable configuring local proxies/backends.
Avoid When
You require a standardized programmatic interface (beyond MCP) with strong, explicit security controls and rigorous operational documentation.
Use Cases
- Assistive analysis of real Burp Suite traffic using LLM reasoning
- Passive identification of potential vulnerabilities and logic/auth issues from observed requests
- Generating evidence-based reports from Burp traffic and LLM prompts
- Local-first workflows for privacy using Ollama/LM Studio
Not For
- Automated active scanning, fuzzing, or blind scanning
- Production-grade, fully managed security testing with strict compliance guarantees
- Teams needing a single turnkey, unified API/SDK across backends
Authentication
The README describes connecting a Burp MCP Server extension and configuring proxies/backends, but does not document MCP authentication modes, API keys, scopes, or how credentials are handled at the MCP layer.
Pricing
Costs depend on selected AI backend (cloud CLIs vs local models). The repo itself is MIT-licensed, but the README does not specify pricing or free-tier details for the associated services.
Known Gotchas
- ⚠ Setup complexity varies significantly by backend (cloud vs local) and may require correct CLI/proxy configuration
- ⚠ No evidence in the provided README of retry/idempotency guidance for MCP calls
- ⚠ The Caddy proxy/SSE configuration is part of the workflow; misconfiguration can break streaming/transport
Scores are editorial opinions as of 2026-03-30.